Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[linux-security] rh62 suid files

3 views
Skip to first unread message

Martin Macok

unread,
Jul 28, 2000, 3:00:00 AM7/28/00
to linux-s...@redhat.com
Hi,
I believe having less root setuid binaries on system is The Way ...
so:

Why does RH6.2 ships with /sbin/dump & /sbin/restore root setuid? These
are for sysadmins, not for regular users I hope.

Is /sbin/unix_chkpwd really used and what is it used for? I haven't find
anything about it in pam documentation.

Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does
anybody really use them on Linux? Maybe these should be extras ... (maybe
they are needed by POSIX or something similar).

What is /usr/bin/sperl5.00503 (suidperl) being used for? Why this doesn't
have a manpage? Is it necessary?

According to glibc documentation /usr/libexec/pt_chown doesn't need to be
setuid nor is not used at all on RH6.2 (see /usr/doc/glibc-2.1.3/INSTALL),
why does RH6.2 ships it setuid root?

Does /sbin/netreport need root setgid bit? I could not find it being used
somewhere by regular users for any good reasons ...

Have a nice day

--
< Martin Mačok martin...@underground.cz <iso-8859-2>
\\. http://kocour.ms.mff.cuni.cz/~macok/ http://underground.cz/ .//
\\\.. .-= t.r.u.s.t n.0 o.n.e =-. ..///

Leos Bitto

unread,
Jul 28, 2000, 3:00:00 AM7/28/00
to Martin Macok
On Thu, 27 Jul 2000, Martin Macok wrote:

> Hi,
> I believe having less root setuid binaries on system is The Way ...
> so:
>
> Why does RH6.2 ships with /sbin/dump & /sbin/restore root setuid? These
> are for sysadmins, not for regular users I hope.

Agreed. System backup should always be done only by root, all other ways
try miserably. Remember BRU?

> Is /sbin/unix_chkpwd really used and what is it used for? I haven't find
> anything about it in pam documentation.

It allows PAM modules (after some sanity checks - use the source, Luke!)
to access /etc/shadow without further need for uid==0.

> Is it really necessary to ship /usr/bin/gpasswd and /usr/bin/newgrp? Does
> anybody really use them on Linux? Maybe these should be extras ... (maybe
> they are needed by POSIX or something similar).

Feel free to delete them if you don't like them. But otherwise yes, there
are users who use them.

> What is /usr/bin/sperl5.00503 (suidperl) being used for? Why this doesn't
> have a manpage? Is it necessary?

It is necessary for perl to be able to properly execute scripts with suid
bit set. Again: if you don't need that, feel free to delete suidperl.

> According to glibc documentation /usr/libexec/pt_chown doesn't need to be
> setuid nor is not used at all on RH6.2 (see /usr/doc/glibc-2.1.3/INSTALL),
> why does RH6.2 ships it setuid root?

/usr/libexec/pt_chown is being used for example by my favorite xterm
clone, gnome-terminal. Every xterm-alike apllication needs to chown your
tty. I think that doing it via a small wrapper (pt_chown) is much better
way than giving suid bit to that whole application.

> Does /sbin/netreport need root setgid bit? I could not find it being used
> somewhere by regular users for any good reasons ...

I don't know what /sbin/netreport is being used for, but anyway: sgid root
is harmless. Which doesn't mean that it gid==0 whould be available for
free, of course.

> Have a nice day

2U2 :)


Leos Bitto

--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
mail -s unsubscribe linux-secur...@redhat.com < /dev/null


Martin Macok

unread,
Jul 28, 2000, 3:00:00 AM7/28/00
to linux-s...@redhat.com
On Fri, Jul 28, 2000 at 10:47:34AM +0200, Leos Bitto wrote:
> > Is /sbin/unix_chkpwd really used and what is it used for? I haven't find
> > anything about it in pam documentation.
>
> It allows PAM modules (after some sanity checks - use the source, Luke!)
> to access /etc/shadow without further need for uid==0.

Anyway, it should be noted somewhere in pam docs. /sbin/pwdb_chkpwd is
meant there so /sbin/unix_chkpwd could be too.

I wonder there are root setuid binaries completely without documentation.
(I have to download sources from dialup/PPP :\ )

> > What is /usr/bin/sperl5.00503 (suidperl) being used for? Why this doesn't
> > have a manpage? Is it necessary?
>
> It is necessary for perl to be able to properly execute scripts with suid
> bit set. Again: if you don't need that, feel free to delete suidperl.

As somebody noted in private mail, man perlsec explains it clearly. I vote
for linking suidperl->sperl->perlsec manpage ...

(just an OLD HISTORY note for interested:
http://www.cert.org/advisories/CA-97.17.sperl.html)

> > According to glibc documentation /usr/libexec/pt_chown doesn't need to be
> > setuid nor is not used at all on RH6.2 (see /usr/doc/glibc-2.1.3/INSTALL),
> > why does RH6.2 ships it setuid root?
>
> /usr/libexec/pt_chown is being used for example by my favorite xterm
> clone, gnome-terminal. Every xterm-alike apllication needs to chown your
> tty. I think that doing it via a small wrapper (pt_chown) is much better
> way than giving suid bit to that whole application.

The documentation I noted (/usr/doc/glibc-2.1.3/INSTALL) says:
...
If you are using a 2.1 or newer Linux kernel with the `devptsfs' or
`devfs' filesystems providing pty slaves, you don't need this program;
otherwise you do.
...

Red Hat 6.x ships with 2.2.x with devptsfs compiled in. AFAIK xterm and
friends (rxvt, xterm, gnome-terminal ...) doesn't need
/usr/libexec/pt_chown, works well without it and they doesn't need to
be root setuid ...

> > Have a nice day
>
> 2U2 :)

dtto. ;)

P.S. The world is so small ...

Olaf Kirch

unread,
Jul 28, 2000, 3:00:00 AM7/28/00
to Leos Bitto
On Fri, Jul 28, 2000 at 10:47:34AM +0200, Leos Bitto wrote:
> > Why does RH6.2 ships with /sbin/dump & /sbin/restore root setuid? These
> > are for sysadmins, not for regular users I hope.

dump and restore are security desasters waiting to happen. I wonder why
they resurrected the s bits; previous RH versions didn't have them IIRC.

> /usr/libexec/pt_chown is being used for example by my favorite xterm
> clone, gnome-terminal. Every xterm-alike apllication needs to chown your
> tty. I think that doing it via a small wrapper (pt_chown) is much better
> way than giving suid bit to that whole application.

As Martin already pointed out, any reasonably up-to-date kernel supports
devpts, so there's no _need_ to chown the pty anymore as the kernel does it
for you. Using devpts does require patching the application though; not
sure what gnome-terminal does.

FWIW, when I looked into pt_chown about a year ago it did have a problem.
I don't recall exactly what it was but I think the problem was that
it didn't check that the tty you gave it was open for writing _and_ reading.
So if you broke group tty, you could chown anybody's tty as long as it
was set to mesg y.

Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
ok...@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
ok...@caldera.de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.

0 new messages